Information Security and Wireless - Cyber Security Informer

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Security Affairs

DECEMBER 19, 2024

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure.

Wireless

Wireless Authentication Healthcare Education

Cisco fixed a critical flaw in its IOS XE Wireless Controller

Security Affairs

MAY 8, 2025

Cisco addressed a flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files. Cisco released software updates to address a vulnerability, tracked asCVE-2025-20188 (CVSS score 10), in IOS XE Wireless Controller. ” reads the advisory.

Wireless

Wireless Software Hacking Information Security

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

Security Affairs

MARCH 23, 2021

This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. continues the announcement.

Wireless

Wireless Manufacturing Ransomware Mobile

D-Link addressed three critical RCE in wireless router models

Security Affairs

SEPTEMBER 16, 2024

D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694 , CVE-2024-45695 , CVE-2024-45697 , impacting three wireless router models. critical): The issue is a stack-based buffer overflow in the web service of certain models of D-Link wireless routers. DIR-X4860 A1 firmware version 1.00, 1.04 CVE-2024-45695 (9.8

Wireless

Wireless Firmware Manufacturing Hacking

T-Mobile discloses data breach affecting prepaid wireless customers

Security Affairs

NOVEMBER 22, 2019

The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The cybersecurity team at T-Mobile discovered an unauthorized access to information associated with a limited number of its prepaid wireless account customers.

Wireless

Wireless Data breaches Mobile Telecommunications

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Some of these clusters specifically target Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. Similar botnets, like alogin and rlogin, target other devices, including Asus routers (alogin) and Ruckus Wireless devices (rlogin), each with distinct open ports for administration and proxy functions.

Passwords

Passwords Wireless VPN Accountability

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Security Affairs

JUNE 3, 2021

Researchers found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications. Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C Wi-Fi module that could allow to elevate privileges and hijack wireless communications.

Wireless

Wireless IoT Encryption Firmware

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Security Affairs

APRIL 15, 2022

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695 , in Cisco Wireless LAN Controller (WLC). or Release 8.10.162.0

Wireless

Wireless Software Authentication Mobile

ThousandEyes Pi4 Wireless Deployment at Black Hat USA

Cisco Security

AUGUST 24, 2023

A deployment guide for wireless ThousandEyes agents deployed to monitor the Black Hat 2023 conference by Adam Kilgore & Ryan MacLennan ThousandEyes (TE) Black Hat 2023 Deployment Guide This guide documents the setup and installation procedures used to deploy ThousandEyes at Black Hat 2023.

Wireless

Wireless Media Passwords DNS

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

It seems to have nothing to do with phone/wireless network state. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device.” ” Classen explained. Apple indeed added a feature called "inactivity reboot" in iOS 18.1. Keystore is used when unlocking the device.

Media

Media Wireless Mobile Encryption

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

While “ zero trust ” has been a buzzword for some time, the principle of zero trust, and expenditures toward getting organizational policies, procedures, and infrastructure closer to delivering it, is gaining acceptance as constituting a fundamental component of information security programs.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Wireless

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

The IPv6 addresses were traced to Verizon Wireless, which told the investigators that the addresses were in use by an account belonging to Williams. The records indicated two IPv6 addresses had been used to search for the address three times: one the day before the SUV was set on fire, and the other two about an hour before the attack.

Surveillance

Surveillance Wireless Accountability Architecture

A full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn

Security Affairs

SEPTEMBER 5, 2020

The US Federal Communications Commission (FCC) estimates the cost of a full replacement of all Huawei and ZTE hardware on American wireless networks at $1.837bn. ” The report aims at promoting the security of our national communications networks by providing information from the US carriers. . Pierluigi Paganini.

Wireless

Wireless Government Advertising Internet

UScellular data breach: attackers ported customer phone numbers

Security Affairs

JANUARY 30, 2021

US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers. ” reads the USCellular data breach notification.

Data breaches

Data breaches Wireless Retail Accountability

UScellular discloses the second data breach in a year

Security Affairs

JANUARY 4, 2022

UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over 4.9 ” The attackers attempted to use this information to fraudulently port numbers.

Data breaches

Data breaches Wireless Accountability Retail

Critical bug in Cisco UWRB access points allows attackers to run commands as root

Security Affairs

NOVEMBER 6, 2024

Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands, compromising industrial wireless automation security. The vulnerability resides in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.

Wireless

Wireless Software Information Security Hacking

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

JULY 9, 2020

The phone was being shipped to users with two malicious malware masqueraded as Wireless Update application and a Settings app respectively. “We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. .

Malware

Malware Wireless Mobile Advertising

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Security Affairs

APRIL 5, 2025

The issue likely affected most Verizon Wireless users, as the service is often enabled by default. The vulnerability in the Verizon Call Filter apps /clr/callLogRetrieval endpoint, although authentication was enforced via JWT tokens, the server failed to verify that the phone number in the header matched the tokens user ID ( sub ).

Wireless

Wireless Surveillance Risk Media

BSides Philly 2020 – Nick Delewski’s ‘Wireless WiFi: Think More About What Wireless Really Means’

Security Boulevard

APRIL 16, 2021

The post BSides Philly 2020 – Nick Delewski’s ‘Wireless WiFi: Think More About What Wireless Really Means’ appeared first on Security Boulevard. Many thanks to BSides Philly for publishing their outstanding videos on the organization's YouTube channel.

Wireless

Wireless Education InfoSec Information Security

DEF CON 29 Voting Village – Susan Greenhalgh’s ‘Wireless Odyssey’

Security Boulevard

NOVEMBER 12, 2021

The post DEF CON 29 Voting Village – Susan Greenhalgh’s ‘Wireless Odyssey’ appeared first on Security Boulevard. Our thanks to DEFCON for publishing their outstanding DEF CON 29 Voting Village videos on the Conferences’ YouTube channel.

Wireless

Wireless Education InfoSec Information Security

Cisco warns of XSS flaw in end-of-life small business routers

Security Affairs

APRIL 6, 2024

The company confirmed that this vulnerability does not affect the following RV Series Small Business Routers: RV160 VPN Routers RV160W Wireless-AC VPN Routers RV260 VPN Routers RV260P VPN Routers with PoE RV260W Wireless-AC VPN Routers RV340 Dual WAN Gigabit VPN Routers RV340W Dual WAN Gigabit Wireless-AC VPN Routers RV345 Dual WAN Gigabit VPN Routers (..)

Small Business

Small Business VPN Wireless Software

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers

Security Affairs

APRIL 9, 2021

The company has not released security updates to address this flaw, the company pointed out that there are no workarounds that fix this vulnerability. The flaw affects the following Cisco Small Business RV Series Routers: RV110W Wireless-N VPN Firewall RV130 VPN Router RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router.

Small Business

Small Business Wireless VPN Firewall

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

It is best known for producing products like screen protectors, mobile device cases, power banks, wireless charging devices, and other smartphone and tablet accessories. is a consumer electronics accessories company based in the United States.

Data breaches

Data breaches Computers and Electronics Hacking Wireless

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and SNMP management interface. ” reads the advisory published by Claroty.

Firmware

Firmware IoT Wireless Surveillance

Sonos smart speakers flaw allowed to eavesdrop on users

Security Affairs

AUGUST 9, 2024

The flaw resides in the device’s wireless driver which fails to properly validate an information element while negotiating a WPA2 four-way handshake. “A vulnerability exists in the affected devices wireless driver that does not properly validate an information element while negotiating a WPA2 four-way handshake.”

Wireless

Wireless Manufacturing Engineering Hacking

New AT&T data breach exposed call logs of almost all customers

Security Affairs

JULY 12, 2024

Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network.

Data breaches

Data breaches Wireless Mobile Hacking

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

In December 2020, T-Mobile disclosed a data breach that exposed customers’ network information (CPNI). In 2019, T-Mobile disclosed data breach affecting prepaid wireless customers. In 2018, data breach exposed personal information of up to 2 million customers.

Mobile

Mobile Telecommunications Data breaches Hacking

Cisco addresses 3 critical vulnerabilities in IOS XE Software

Security Affairs

SEPTEMBER 24, 2021

Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers.

Software

Software Wireless Authentication Accountability

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Security Affairs

APRIL 29, 2024

wireless carriers $200 million for sharing customers’ real-time location data without consent. wireless carriers nearly $200 million for unlawfully selling access to real-time location data of their customers without consent. The Federal Communications Commission (FCC) fined the largest U.S. The FCC has fined four major U.S.

Wireless

Wireless Telecommunications Insurance Mobile

Attack of drones: airborne cybersecurity nightmare

Security Affairs

DECEMBER 2, 2022

Dronesploit is dependent on Aircrack-ng being installed and fully functional in addition to having an appropriate wireless network adapter capable of sniffing wireless networks and performing packet injection. These attacks are useful for either drone takeover or obtaining the wireless network key for offline cracking.

Cybersecurity

Cybersecurity Wireless Computers and Electronics Penetration Testing

Quad7 botnet evolves to more stealthy tactics to evade detection

Security Affairs

SEPTEMBER 10, 2024

The Quad7 botnet evolves and targets new SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. Some of these clusters specifically target Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. These routers are used to relay brute-force attacks on Microsoft 365 accounts.

Wireless

Wireless VPN Media Accountability

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

DECEMBER 13, 2021

According to the research paper published by the experts, modern mobile devices use separate wireless chips to manage wireless technologies, such as Bluetooth, Wi-Fi, and LTE. The researchers explained that it is possible to use these shared resources to launch lateral privilege escalation attacks across wireless chip boundaries.

Wireless

Wireless Firmware Mobile Passwords

Cisco fixes critical remote code execution issues in SMB VPN routers

Security Affairs

FEBRUARY 4, 2021

.” The IT giant revealed that the vulnerabilities affect the following Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.01.02: RV160 VPN Router RV160W Wireless-AC VPN Router RV260 VPN Router RV260P VPN Router with POE RV260W Wireless-AC VPN Router.

VPN

VPN Small Business Wireless Firmware

Old vulnerabilities in Cisco products actively exploited in the wild

Security Affairs

DECEMBER 19, 2022

CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. .

Wireless

Wireless VPN Software Hacking

Hackers gained access to T-Mobile customers and employee personal info

Security Affairs

MARCH 5, 2020

New problems for the wireless carrier T-Mobile that disclosed a data breach that exposed some of the customers’ personal information. The wireless carrier T-Mobile was victims of a sophisticated cyber attack that targeted its email vendor. ” reads the data breach notification.

Mobile

Mobile Data breaches Telecommunications Wireless

Cisco will not patch critical flaw CVE-2021-34730 in EoF routers

Security Affairs

AUGUST 19, 2021

” The IT giant recommends customers using RV110W Wireless-N VPN Firewalls, RV130 VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers to disable UPnP on both the LAN and WAN interfaces of their devices.

Small Business

Small Business Wireless VPN Firewall

Kansas State University suffered a serious cybersecurity incident

Security Affairs

JANUARY 19, 2024

On January 18, KSU Wireless was still unavailable, the university recommends the use of KSU Guest to connect wirelessly during this time. At this time, K-State has yet to provide details about the security breach. On January 17, the university announced that emails would return in a temporary format on Thursday, Jan.

Cybersecurity

Cybersecurity Wireless VPN Hacking

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

British telecommunications company Cable & Wireless played a crucial role in the tapping of the undersea cables, in February 2009 a GCHQ employee was assigned to work within the company in a “full-time project management” role to follow the operation from the inside.

Wireless

Wireless Surveillance Telecommunications Advertising

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

OCTOBER 21, 2020

Sweden is banning Chinese tech giant Huawei and ZTE from building new 5G wireless networks due to national security concerns. In December 2018, a Czech cyber-security agency is warned against using Huawei and ZTE technologies because they pose a threat to state security.

Wireless

Wireless Internet Internet Advertising

TracFone will pay $16 million to settle FCC data breach investigation

Malwarebytes

JULY 24, 2024

TracFone Wireless Inc. is an American prepay wireless service provider wholly owned by Verizon. TracFone Wireless Inc. is an American prepay wireless service provider wholly owned by Verizon. TracFone services are used by the brands Straight Talk, Total by Verizon Wireless, and Walmart Family Mobile.

Data breaches

Data breaches Wireless Passwords Phishing

NETGEAR fixes a severe bug in its routers. Patch it asap!

Security Affairs

DECEMBER 30, 2022

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC router models.

Firmware

Firmware Wireless Authentication Hacking

DEF CON 31 – Dr. Sebastian Köhler’s, Dr. Richard Baker’s ‘Car Hacking Village – Exploiting Wireless Side Channels In EV Charging’

Security Boulevard

OCTOBER 22, 2023

Permalink The post DEF CON 31 – Dr. Sebastian Köhler’s, Dr. Richard Baker’s ‘Car Hacking Village – Exploiting Wireless Side Channels In EV Charging’ appeared first on Security Boulevard.

Wireless

Wireless Hacking Architecture Education

LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables

Security Affairs

OCTOBER 5, 2021

” The experts explained that often air-gapped networks are wired with Ethernet cables since wireless connections are strictly prohibited to avoid data leaks. .” ” The experts explained that often air-gapped networks are wired with Ethernet cables since wireless connections are strictly prohibited to avoid data leaks.

Wireless

Wireless Malware Hacking Software

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

Security Affairs

FEBRUARY 26, 2020

The Kr00k vulnerability, tracked as CVE-2019-15126, could be exploited by nearby remote attackers to intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device. “ESET researchers discovered a previously unknown vulnerability in Wi-Fi chips and named it Kr00k. ” continues the report.

Encryption

Encryption Wireless Manufacturing Advertising

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Cisco fixed a critical flaw in its IOS XE Wireless Controller

Trending Sources

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

D-Link addressed three critical RCE in wireless router models

T-Mobile discloses data breach affecting prepaid wireless customers

Chinese threat actors use Quad7 botnet in password-spray attacks

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

ThousandEyes Pi4 Wireless Deployment at Black Hat USA

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Google Responds to Warrants for “About” Searches

A full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn

UScellular data breach: attackers ported customer phone numbers

UScellular discloses the second data breach in a year

Critical bug in Cisco UWRB access points allows attackers to run commands as root

Pre-Installed malware spotted on other Android phones sold in US

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

BSides Philly 2020 – Nick Delewski’s ‘Wireless WiFi: Think More About What Wireless Really Means’

DEF CON 29 Voting Village – Susan Greenhalgh’s ‘Wireless Odyssey’

Cisco warns of XSS flaw in end-of-life small business routers

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers

ZAGG disclosed a data breach that exposed its customers’ credit card data

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Sonos smart speakers flaw allowed to eavesdrop on users

New AT&T data breach exposed call logs of almost all customers

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Cisco addresses 3 critical vulnerabilities in IOS XE Software

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Attack of drones: airborne cybersecurity nightmare

Quad7 botnet evolves to more stealthy tactics to evade detection

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Cisco fixes critical remote code execution issues in SMB VPN routers

Old vulnerabilities in Cisco products actively exploited in the wild

Hackers gained access to T-Mobile customers and employee personal info

Cisco will not patch critical flaw CVE-2021-34730 in EoF routers

Kansas State University suffered a serious cybersecurity incident

Russian spies are attempting to tap transatlantic undersea cables

Sweden bans Huawei and ZTE from building its 5G infrastructure

TracFone will pay $16 million to settle FCC data breach investigation

NETGEAR fixes a severe bug in its routers. Patch it asap!

DEF CON 31 – Dr. Sebastian Köhler’s, Dr. Richard Baker’s ‘Car Hacking Village – Exploiting Wireless Side Channels In EV Charging’

LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

Stay Connected